Distributed payment system and method

ABSTRACT

The present invention provides a payment system that allows a mobile communications device (MCD) to interact with a merchant processing device (MPD) and a payment engine. A communications component associated with the payment engine can send requested barcodes to the MPD, receive barcodes or alphanumeric Universal Product Codes from customer MCDs, and handle payment authorizations and settlements. A barcode management component can generate and interpret barcodes based upon merchant offerings and client requests. A security algorithms component can employ an offset pair algorithm to convert each digit from a payment card information into an offset pair of digits to facilitate security in accordance with one embodiment of the present invention.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present invention claims the benefit under 35 U.S.C. §119(e) of U.S. provisional patent application No. 60/905,560, filed Mar. 7, 2007 and entitled “Distributed Payment System and Method,” the disclosure of which is hereby incorporated by reference in its entirety.

FIELD OF THE INVENTION

The present invention relates to a distributed system and method for handling payments in commercial transactions.

BACKGROUND AND SUMMARY

The advent of mobile communications devices (MCDs) such as cellular telephones has enabled telecommunication in a wide variety of environments previously not contemplated. MCDs have decreased in cost to become more common than conventional land-line telephones. Thus, the MCD is commonly seen in stores, malls, public squares, sporting events, and has become ubiquitous.

MCDs have also evolved to host somewhat related technologies, such as digital cameras, scanners, text messaging, and computer supported internet browsing and email access, for example. All these nascent technologies have thus become available to users in a variety of conventional day-to-day environments. Some have contemplated applications for use of mobile phones in a commercial environment, including effectuating commercial transactions; however, most of these concepts require additional hardware and/or software for the consumer and/or the merchant.

In Japan, some mobile phones now include computer software that enables the telephone to capture and read quick response (QR) matrix codes. This computer software may be bundled with the phone, programmed into the phone by the customer, or purchased as third party commercial software. An individual may then use the mobile phone to take a picture of or capture the QR code, decode it, and transmit the code and user's digital information to a remote system as a request for marketing materials to be sent to the user. This is primarily a one-way or uni-directional transaction with respect to digital information and does not extend beyond the registration of the request and the response of providing the marketing materials to the potential consumer; there is currently no provision for a payment system. QR matrix codes are also used in inventory management, transportation, etc., subject to a Japanese industry standard. Denso Wave, Inc., of Tokyo, Japan, is a commercial provider of software using the QR codes, and more information may be found at http://www.denso-wave.com/qrcode/app-prod-e.html.

PayPal™ mobile is a one-way text-only payment system commercially available through Paypal of San Jose, Calif., and is capable of being hosted on mobile phones. A user may send a text message from their MCD designating a monetary amount and requesting a transaction with another party, using their telephone number or email account. Along with the monetary amount and designated type of transaction, the user must provide a personal identification number for confirmation of the transaction. As noted above, the PayPal™ mobile system is uni-directional, text-only and does not use graphic images to convey data about a transaction. Upon submission of a transaction request, a PayPal operator will call the user to confirm the transaction. Thus, this system is not real-time or completely automated (see https://www.paypal.com/cgibin/webscr?cmd=xpt/cps/mobile/MobileOverview-outside).

Obopay™ is a mobile phone system, offered commercially by Obopay, Inc. of Redwood City, Calif., that enables certain transactions using money held in an “Obopay account” at a bank designated by Obopay™. The transactions include sending or receiving money between Obopay accounts and management of an Obopay™ Prepaid MasterCard®. The system generally relies on proprietary software for full functionality; the proprietary Obopay™ software must be installed on the mobile phone, making it inaccessible or difficult for most users, and some mobile phones do not support the technology. The Obopay™ system can also use SMS (“Short Messaging Service” or “Simple Messaging Service”) messaging or mobile phone internet access; however, users without the Obopay™ software must use web access (i.e., wap.obopay.com) from their mobile phone or non-graphic SMS text messaging. Commercial transactions are contemplated as relying on use of the prepaid credit card and not by direct mobile phone communication.

Other proposals have contemplated including the mobile phone in steps such as scanning bar codes (e.g., the universal product code), generating bar codes, decoding bar codes, communicating with merchant hosted communication systems (e.g., blue tooth, infra red), etc. A common drawback with these proposals is the requirement for additional hardware and/or software for the consumer's mobile phone and/or the merchant's point of sale (POS) technology. For example, conventional (i.e., off the shelf) mobile phones may be able to photograph and capture images, but they currently are unable to scan and decode universal product codes. Further, some of these systems require multiple interfaces that complicate the digital information flow. Of course, such requirements would complicate implementation and slow the development of a standard system.

Unfortunately, there is not available a secure, global, two-way payment system that to relies on off-the-shelf mobile phones, is capable of accepting either graphics or text to complete a transaction, does not require additional software and/or hardware to be loaded onto the mobile phone or the merchant's POS technology, does not require a secure network, provides for out-of-channel two-factor authentication of the transaction by the consumer and does not require the merchant to receive payment directly from the customer at the point of purchase.

By providing such a system and method, the present invention thereby benefits a variety of entities including, for example, online digital content publishing/sales entities, offline unattended kiosks, and offline small-to-medium sized entities (SMEs) where real-time credit card authentication is not practical for the merchant.

The present invention is a distributed system and method for handling payment in commercial transactions. The present invention uses existing, common technologies already in widespread, global use to implement a bi-directional flow of digital information to enable commercial transactions. Further, the present invention does not require additional software/hardware to be installed on user's mobile telephones.

Of course, a two-way system supporting bi-directional transactions will present security challenges greater than the single-way systems. The configuration of the present invention preferentially provides a secure two way flow of information. Two-factor authentication (originating cell phone and personal identification number (PIN)), for example, may provide consumer fraud protection greater than or equal to Verified-by-Visa or MasterCard SPA, while maintaining an easily used interface for the mobile phone user, making it ideal for teens and young adults.

In one aspect, the present invention provides a distributed payment system that relies on the mobile phone keypad, the mobile phone camera, and SMS messaging technology. This system enables payment, online or offline, for transactions with minimal key entry on the mobile phone keypad by using the camera phone and SMS capabilities, respectively, to capture and transmit images of bar codes displayed by the vendor. The transaction is communicated using globally-accepted, consistent technologies and protocols, which renders the payment system independent of the mobile phone carrier and accessible to global consumers. The payment system can be accepted by merchants anywhere in the world that mobile camera phones are used, or any environment having Internet connectivity. The payment system travels over common, non-premium wireless protocols, providing the basis for the low-cost transactions critical for micro- and small-payment support, as well as for rapid merchant adoption. While the present invention does not require it, the present invention can operate with MCDs that implement additional or substitute software and hardware functionality, such as, for example, barcode scanning technology. In such an embodiment, the MCD can scan codes from paper or electronic interfaces in order to acquire the code for later processing as detailed herein or, where acceptable capture of the bar-code is problematic, accept text entry of the alphanumeric universal product code.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram illustrating a sample system architecture for use in connection with one embodiment of the present invention.

FIG. 2 are schematic diagrams of the wireless communication device and payment system according to one embodiment of the present invention.

FIG. 3 is a sample flow chart illustrating one method of processing a transaction in accordance with one embodiment of the present invention.

FIG. 4 is a sample flow chart illustrating one method of establishing an account for a user in accordance with one embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

As shown in FIG. 1, the present invention provides a payment system 10 that allows a mobile communication device (MCD) 20 to interact with a merchant processing device (MPD) 11 a and a payment engine 25. In one embodiment of the present invention, the MCD is an off-the-shelf device with no additional software installed. The merchant device 11 a communicates with the payment engine 25 through merchant network 20, which can optionally be a secure network accessible over the Internet. It will be appreciated that other merchants 11 b-d can also access payment engine 25 through the merchant network 20.

As shown in FIG. 2, the payment engine 25 employs a messaging server 40 and an account server 45 to accommodate merchant payment and account configurations, merchant commercial offerings, customer payment and account configurations, and customer orders in accordance with the present invention. The payment engine messaging server 40 includes a communications component 41, a barcode management component 42 and an SMS interface 43. The account server 45 comprises a payment processing component 46, an account setup component 47, an encryption component 48 and a security algorithms component 49.

The communications component 41 allows the payment engine 25 to communicate with MPDs and MCDs, among other entities, devices or systems. In one embodiment of the present invention, the communications component can send requested barcodes to the merchant device, receive barcodes from customers, send data to payment system storage devices 50, send data to credit card processors (i.e., associations) 62 and initiate credit settlements as shown in FIG. 1. The barcode component 42 can be a commercially available barcode software program that can interpret barcodes based upon merchant offerings and client requests, for example. The SMS interface 43 provides for special communication processing of Simple Messaging Service (a.k.a., Short Messaging Service) messages. While not shown, the messaging server and the account server and their respective components are driven by a CPU with sufficient memory to quickly process the necessary computer instructions to carry out the functions discussed herein in real-time.

The account setup component 47 of the account server 45 allows the merchant to register its vending device(s) and configure its account and payment procedures. When the account server is registered and acknowledged by the system of the present invention, further vendor communications can occur as described more completely hereinafter.

The account setup component further allows the customer to configure his or her account and payment procedures. In one embodiment of the present invention, the customer can configure an account through account setup component such that the customer deposits funds with the payment engine or its operator, whereupon the funds are stored and available for later commercial transactions. The customer can also configure an account to use a credit or debit card issued by customer's financial institution, whereupon the payment engine categorizes the account as one that must provide for approvals, communications and authorizations in credit and debit transactions. Such transactions involve processing the flow of information (“approval/authorization”) and settlement of funds via communications with an acquiring bank 55, an association 62 (e.g., MasterCard™ or VISA™), and an issuing bank 60, as illustrated in FIG. 1. Such processes and settlement are known to those of ordinary skill in the art.

The present invention contemplates that customers using the present invention in the course of traditional credit or debit transactions have opened a credit or debit account with a bank (“issuing bank”) that is a member of the association and received a credit and/or debit card as a result, or they have created and pre-paid funds into an account maintained by the system, from which purchase amounts may be deducted. The present invention further contemplates that merchants using the present invention have entered into a relationship with a bank (the “acquiring bank”) that is a member of the same association as the issuing bank. The acquiring bank facilitates the approval/authorization process and settlement on behalf of the merchant.

As the present invention operates such that the customer does not provide credit information directly to the merchant, the present invention varies somewhat from ordinary information and settlement processing, and such differences are expressed herein. Following the transfer of account information from the purchaser to the payment engine, the payment processing component 46 of the present invention seeks approval of the transaction by providing account information to the merchant's acquiring bank along with the purchase price of the merchant's offering. The acquiring bank sends the information to the association, and the association passes the information to the issuing bank. The issuing bank uses the information to determine whether to approve the transaction. Assuming that the issuing bank authorizes the transaction, a record of authorization to consummate the transaction is sent from the issuing bank to the association. The record of authorization typically includes a unique identification code. The association sends the authorization to the acquiring bank, and the acquiring bank sends the authorization to the payment processing component of the payment engine.

Upon receipt of the authorization in the offline, interactive transaction example, the payment processing component can inform the merchant, who in turn may provide the purchaser with the goods or services that are the subject of the transaction with the assurance that the merchant will receive the proceeds of the transaction upon settlement. The system can handle online transactions similarly by informing the merchant of completion of payment. In handling offline, automated transactions, the payment processing component of the present invention can deliver a message to the MCD with information necessary for the customer to claim the item or service purchased. This offline, automated approach can work in the unattended kiosk embodiment of the present invention, for example.

Settlement of the transaction and ultimate payment to the merchant can be handled according to conventional procedures. For example, the association can institute settlement by clearing the acquiring bank's request for payment with an offsetting demand on the issuing bank. Upon settlement, the association pays the acquiring bank the amount of the sale less the issuing bank domestic interchange fee and less an association fee. To complete the cycle, the issuing bank then bills the purchaser for the amount of the sale. The purchaser may then pay the issuing bank in accordance with its credit agreement with the issuing bank.

In handling stored value accounts, the payment processing component 46 uses the information provided by the user to determine if the user has sufficient proceeds (e.g., identified in database 50) to cover payment for the desired transaction. Settlement can occur according to the terms of any agreement between a payment system provider and a user.

The security algorithms component 49 communicates with the account setup component 47 to convert any payment card information (e.g., debit card digits, credit card digits, expiration date digits, card verification method (CVM) digits, PIN digits) into an appropriately secure code for use with the present invention. In one embodiment of the present invention, the security algorithms component employs an offset pair algorithm to convert each digit from the payment card information into an offset pair of digits using whole numbers. Table 1 below illustrates an example of offset pairs corresponding to a credit card having digits 2222 1111 8888 and a CVM of 901 using a PIN of 8675309. The offset pairs can be derived by the algorithm component randomly selecting a PIN digit (e.g., the first digit, the fourth digit, etc.) and setting the first value of the offset pair to be the sequence number of the PIN (e.g., the first digit has a sequence number of “1” because it is first in the sequence, the second digit has a sequence number of “2” because it is second in the sequence, etc.). The second value of the offset pair is then derived by taking the value of the credit card digit (e.g., a “2” is the first digit in the hypothetical credit card number below) and determining what must be subtracted from the “2” to obtain the value of the PIN digit corresponding to the first offset pair value. For example, if the first offset pair value is “4” then the fourth digit of the PIN has a value of “5”. The credit card digit value “2” is thus derived by subtracting “−3” from the “5” value. Mathematically, this is represented as 2−(−3)=5. The offset pair is thus stored as (4, −3) and indicates that the given digit value of the credit card is derived by subtracting (−3) from the fourth digit of the PIN.

The offset pair values can be different even if the credit card digit value is the same. For example, as shown in Table 1, the value of the first four digits of the credit card is “2” yet the first digit value of the offset pair is different in each case. Since this first digit value of the offset pair is determined randomly, it is possible that it could be the same even if the credit card digit value is the same. In one embodiment of the present invention, every number of the payment card is derived from the customer's PIN, using random algorithms to determine which value of the PIN is used to derive each of the numbers in the customer's credit card. For payment system accounts secured by the customer's bank account, the bank account MICR is derived the same way.

TABLE 1 Credit card digit CVM digit PIN Offset Pair 2 8675309 4, −3 2 8675309 2, −4 2 8675309 6, 2  2 8675309 7, −7 1 8675309 1, −7 1 8675309 2, −5 1 8675309 7, −8 1 8675309 6, 1  8 8675309 4, 3  8 8675309 1, 0  8 8675309 5, 5  8 8675309 3, 1  9 8675309 2, 3  0 8675309 3, −7 1 8675309 4, −4

By operating with offset pairs or another code created by an algorithm using the present invention, the payment system of the present invention avoids storage of user credit card numbers, PINs, CVMs and any other direct payment account information. In this way, risk of compromise of such information is drastically reduced and PCI compliance is ensured. The CVM is a usually three- or four-digit number used by major credit card companies to verify the card holder has the physical card in hand when making a transaction outside of a traditional point-of-sale environment. According to one embodiment of the present invention, the CVM information is either derived from the customer's PIN, just as the credit card itself is, using offset pairs, or it is provided by the customer in real-time, such as by appending the correct CVM value to their PIN, for example. The present invention can thereby work to process credit information on the fly as transactions are occurring using only a PIN (or PIN+CVM) provided by the customer at the time of transacting. The system will not process a transaction if the credit card gateway through which the transaction is run returns a CVM failure indicating the CVM is incorrect for that credit card.

In the embodiment of the present invention where the use chooses to use a stored value account with the payment system of the present invention, as opposed to using a credit card or debit card, the present invention can still use offset pairs as described above to conceal a user's payment authorization code. Alternatively, the customer can use a stored value code that does not require storage of an authorization code; instead, the customer simply provides his or her PIN at the time of transacting. The PIN can be provided by speaking or keying it into the user's MCD, for example.

The encryption component 48 can be used to encrypt each user's PIN as well as the offset pairs, so that the system of the present invention never stores a user's actual PIN or offset pairs. In one embodiment of the present invention, a non-reversible hash of the PIN and each offset pair is created prior to encryption by the security algorithms component for added security.

In operation, and with reference to FIG. 1, the merchant device 11 a can procure a barcode 15 from the barcode management component of the payment engine 25 according to an offering or package of offerings to be made available to a customer. For instance, a ticket kiosk can provide customers with ticket offerings to multiple events at a single kiosk. In one embodiment of the present invention, the ticket kiosk owner and/or manager (or another entity in control of the tickets), can identify pre-packaged tickets (e.g., 2 tickets to Ultimate Fighter™ bouts, a set of season tickets to every local college track event, a selected grouping of tickets to a concert series (e.g., a 5-concert pack)) for acquisition using the payment engine 25. Alternatively, the customer can make selections at the point and time of purchase, whereupon the merchant device notifies the payment engine of the customer selection for barcode generation on-the-fly.

In accordance with one method of the present invention, as illustrated by the diagram 70 in FIG. 3, the merchant can request a barcode from the payment system of the present invention, and thereafter present the barcode to the consumer. The barcode represents an item or aggregation of items (the “Item(s)”) the merchant is selling, which can be a product, service or any known commercial offering. The barcode presentment may be done in real-time as the customer or mobile phone user arrives at a point of sale (“POS”), or may be done in advance and presented to the customer when the customer is ready to finalize payment. Alternately, the merchant may request the bar-code from the payment system by passing it information relevant to the transaction at hand, and receive that barcode back for presentation to the consumer.

The customer, upon arriving at an online or offline point of sale, is presented with a barcode by the merchant. The barcode may be presented via an electronic device's display screen, a web page, or any reasonably flat surface (e.g., a piece of paper, for offline transactions). The bar code conveys the merchant identity, the Item(s) identity, the summed amount of the Item(s), the amount of sales tax being charged, the amount of VAT tax being charged, the total amount of the sale, and the currency of the sale amount, and optionally, a merchant transaction or shopping cart identity/number. The barcode management component embeds the information in the bar code by encrypting it, converting the cipher text to hexadecimal values and creating the bar code to convey that hexadecimal string of characters.

The customer collects the barcode onto the customer's MCD in one of several ways. In one embodiment, the customer takes a picture to capture an image of the bar code using his mobile phone camera. In another embodiment, the customer can use an integrated scanner to scan the barcode, although such operation may require additional software in order for a common off-the-shelf MCD to operate effectively. Regardless of how the barcode is captured by the MCD, the customer can then send the digital image of the barcode to the payment engine, using SMS messaging in one embodiment of the present invention. It will be appreciated that transmitting the barcode from the customer's MCD can take place over an unsecure network without risk of compromising credit information. This conveys the bar code to the payment engine for interpretation. In lieu of a bar code, an alphanumeric Universal Product Code (UPC) may be transmitted by the MCD to the payment system, where it is received and processed by a payment system component such as the barcode management component, for example.

If the customer does not yet have a payment system account, the account setup component 47 can operate as shown in the diagram 75 of FIG. 4. As shown in FIG. 4, upon determining that a customer sending an SMS and/or barcode has no account, the payment system calls the customer's mobile phone number and requests payment method information. In this way, the system helps the customer create and authenticate an account. The customer can send back payment card information, a CVM and PIN, for example, by voice or text. The payment system then authorizes the card, randomizes its digits, selects digits to store information needed to rebuild the CVM later, computes changes between the CVM and the PIN and stores the non-CVM digits. At this point, the payment system can then acknowledge a successful transaction to the customer and the merchant.

When the customer creates their account, they secure it with a personal identification number (PIN), which is used to authorize transactions. In one embodiment of the present invention as alluded to above, the payment engine does not store the user's PIN; rather, a non-reversible hash of the pin is stored. When the customer enters their PIN, that value is hashed by the security algorithms component and compared to the hash in storage for authentication of the PIN's correctness. The customer's payment system account may be linked to a credit card as described above, enabling real-time charges in the event the customer does not have a sufficient stored balance in their payment system account to cover the current transaction.

Referring back to FIG. 3, during a transaction, the payment system's messaging server receives the message from the customer, deciphers the account of the sender from the SMS message and, using image processing algorithms, decodes the barcode to determine the merchant making the sale, the Item(s) being purchased, the amount values, and the amount currency.

The communications component then queries the customer for authentication of the transaction. This can be accomplished via a voice call or electronic written message. The query conveys the total amount and currency of the sale and requests the customer's PIN. The PIN may be spoken or entered via the phone's dial pad. Optionally, the customer may provide the credit card's CVM at this time as described above.

Upon authorization, the payment processing component 46 of the system executes the transaction by either: (a) debiting the balance from the customer's payment system stored-value account, or (b).charging the account holder's credit card, if applicable, as described above.

If the funds are available, they are debited from the customer's account, moved to the merchant's accounts for later settlements, and a notification is communicated to the merchant. The merchant account may be configured to receive notifications via a real-time API, email, or a voice phone call to a preconfigured number, for example. Upon completion of the transaction, the purchased goods or services may be released to the customer by the merchant.

The above examples should be considered to be exemplary embodiments, and are in no way limiting of the present invention. Thus, while the description above refers to particular embodiments, it will be understood that many modifications may be made without departing from the spirit thereof. 

What is claimed and desired to be secured by Letters Patent is: 1.-18. (canceled)
 19. A computer-assisted method performed by a merchant processing device, the method including: requesting a machine readable code from a payment system, wherein the machine readable code is associated with one or more products for purchase; receiving the machine readable code from the payment system; displaying the machine readable code to a mobile communications device operated by a customer, wherein the mobile communications device obtains and transmits the machine readable code to the payment system, and the payment system requests a personal identifier from the customer and verifies the personal identifier; and receiving an authorization message from the payment system indicating that the customer is authorized to purchase the one or more products after the payment system verifies the personal identifier.
 20. The method of claim 19 wherein the mobile communications device is a mobile phone.
 21. The method of claim 19 wherein the machine readable code comprises a merchant identifier, identifiers of the items purchased, a total transaction amount, sales tax being charged on the transaction, or a transaction identifier.
 22. The method of claim 21 wherein the machine readable code comprises the merchant identifier.
 23. The method of claim 19 wherein the merchant processing device does not receive an identifier for the customer or a payment account number of the customer.
 24. The method of claim 19 wherein the merchant processing device is a POS terminal.
 25. The method of claim 24 wherein the machine readable code is a barcode.
 26. A merchant processing device comprising: a processor; and a computer readable medium, the computer readable medium comprising code, executable by the processor to implement a method including: requesting a machine readable code from a payment system, wherein the machine readable code is associated with one or more products for purchase; receiving the machine readable code from the payment system; displaying the machine readable code to a mobile communications device operated by a customer, wherein the mobile communications device obtains and transmits the machine readable code to the payment system, and the payment system requests a personal identifier from the customer and verifies the personal identifier; and receiving an authorization message from the payment system indicating that the customer is authorized to purchase the one or more products after the payment system verifies the personal identifier.
 27. The merchant processing device of claim 26 wherein the mobile communications device is a mobile phone.
 28. The method of claim 26 wherein the machine readable code comprises a merchant identifier, identifiers of the items purchased, a total transaction amount, sales tax being charged on the transaction, or a transaction identifier.
 29. The method of claim 28 wherein the machine readable code comprises the merchant identifier.
 30. The method of claim 26 wherein the merchant processing device does not receive an identifier for the customer or a payment account number of the customer.
 31. The method of claim 26 wherein the merchant processing device is a POS terminal.
 32. The method of claim 26 wherein the machine readable code is a barcode.
 33. A method comprising: receiving, by a mobile communications device, data associated with a barcode from a merchant processing device; transmitting, by the mobile communications device, in a communication, the data associated with the barcode to a payment system, wherein the payment system identifies a customer account from the communication; receiving, by the mobile communications device, an identity challenge; and providing, by the mobile communications device, an authentication response to the identity challenge, wherein the payment system charges the customer account after validating the authentication response.
 34. The method of claim 33 wherein the mobile communications device is a mobile phone.
 35. The method of claim 33 wherein the communications is an SMS message.
 36. The method of claim 35 wherein the identity challenge is in the form of a phone call.
 37. The method of claim 33 wherein the bar code conveys a merchant identity, identities of items purchased, taxes, and a total amount of a transaction.
 38. The method of claim 33 wherein merchant processing device displays the barcode. 